CUSTOMER PRIVACY POLICY

TABLE OF CONTENTS

  1. WHO ARE WE
  2. PROCESSING OF YOUR PERSONAL DATA
  3. PROCESSING OF PERSONAL DATA ON YOUR BEHALF
  4. TRANSFER OF PERSONAL DATA
  5. SECURITY & CONFIDENTIALITY
  6. WEBSITE & COOKIES
  7. SOCIAL MEDIA
  8. EXERCISING YOUR RIGHTS
  9. DATA PROTECTION AUTHORITY
1. WHO ARE WE

We are Confiva Global d.o.o. residing at Litostrojska cesta 58C 1000 Ljubljana Slovenia with company registration number SI8827451000 .

We care about your privacy and every time we deal with your personal data we do so in accordance with the provisions of the general data protection regulation and the national law relating to the processing of personal data.

We are required under data protection legislation to make the information contained in this privacy policy accessible to you. This privacy policy sets out which measures are taken to protect your privacy when using our services or products, and what rights you have in this respect.

When processing your personal data we are in most cases the “data controller”. This means that we determine the purpose and means of the processing.

By using our services and/or products, you agree to the collection and processing of some of your personal data in accordance with the purpose described in our privacy policy. You are invited to read this privacy policy carefully and familiarise yourself with its content.

Marko Šček is our Privacy Coordinator and you can reach them at [email protected] for any questions or to exercise your rights. Future amendments to this policy cannot be excluded. We therefore ask that you read the privacy policy from time to time.

2. PROCESSING OF YOUR PERSONAL DATA

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We try to collect as little personal information as possible in order to achieve our goals.

We comply with data protection laws which require that the personal information we process about you must be:

  • Collected only for valid purpose(s) that we have informed you about.
  • Used lawfully, fairly and in a transparent way which means in a way that is relevant to the purpose(s) we informed you about, limited only to those purpose(s) and in no way incompatible with those purpose(s).
  • Accurate and kept up to date, kept only as long as necessary for the purpose(s) we have told you about and handled securely.

We may request certain information from you in order to enable you to use or purchase our services or products. If you have any questions do contact our privacy coordinator.

More specifically we will collect any or all of the following data elements :

  • Attendance data
  • Attendee Group
  • Attendee background logs Bank account
  • Claim specific information Company Role
  • Company address Company name Correspondence content Customer name
  • Date & time
  • Electronic identification data Email address
  • Essential cookies
  • Invitation Email delivery status Payment balance data
  • Phone number Pictures / images Profile preferences Profile visibility status Read-receipt data Registration status Third party cookies Username
  • VAT number

We rely on you to provide us with correct data. If the data changes, we invite you to let us know, so we can keep the data up to date.

We process the data to allow us to deliver the services/products, and to continually improve the services/products available to you and adapt them to your needs. More specifically we perform the below processing:

  • Correspondence
    Description: Communication with interested parties in electronic or paper form
    Purpose: To provide proper service Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Customer name, VAT number, Company address, Correspondence content, Read- receipt data, Email address, Company name
    Data is processed in the EU
  • Customer invoicing & accounting
    Description: Calculating the fee owed, sending out invoices and ensuring payment Purpose: To ensure proper payment
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Bank account, Customer name, VAT number, Payment balance data, Company address, Email address
    Data is processed in the EU
  • Customer appointments
    Description: Register customer appointments either on paper or on a computer Purpose: To manage availability and calendar
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Customer name, Date & time, Email address, Phone number Data is processed in the EU
  • Corporate website
    Description: Corporate website for public consultation. May include customer login area. Purpose: To inform interested and / or business parties
    Legal basis: Legitimate interests
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Electronic identification data, Essential cookies, Customer name, Third party cookies, Email address, Phone number
    Data is processed in the EU
  • Customer Support
    Description: Receiving and answering customer questions, complaints etc. Purpose: To solve problems and optimise the functioning of the company Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Customer name, Claim specific information, Correspondence content, Email address, Phone number, Attendee Group, Invitation Email delivery status, Registration status, Profile visibility status
    Data is processed in the EU
  • Online event platform – Attendee data
    Description: At Confiva, we are committed to maintaining the privacy and security of your personal information. This segment of our privacy policy outlines how we collect, process, and handle data related to attendees using our online event platform. Your Choices: Participation in events on our platform is voluntary, and you have the option to provide only the necessary information required for event authentication. Additionally, you can choose to enhance your profile for networking purposes and control its visibility to other attendees. If you have concerns about the data being collected or shared, you should review the event details and the event organizer’s privacy policy. Your Rights: You have the right to access, correct, or delete your personal data. You can exercise these rights by contacting both Confiva and the event organizer, as applicable.
    Purpose: The data collected from attendees is processed in accordance with the wishes of the event organizer or client who has set up the event on our platform. The purposes of data processing may include: • Event Analytics: Data related to attendance, watch time, and interactions may be used to generate aggregated insights and analytics for event organizers. This information helps them understand attendee preferences and tailor future events. • Communication: Your name and email address may be used to send event-related communications, such as confirmations, reminders, and updates. • Enhancing Your Profile: To facilitate networking opportunities, you have the option to voluntarily enhance your profile on our platform. This may include adding additional information such as your job title, company name, social media links, and a brief biography. You can control the visibility of this information to other attendees, and you can choose whether your profile is visible or hidden.
    Legal basis: Contract
    Retention period: The data collected for event-related purposes is retained for as long as necessary to fulfill the purposes outlined in this policy or as required by law. After the retention period, your data will be securely deleted.
    Data items: Attendance data, Pictures / images, Customer name, Correspondence content, Company Role, Profile preferences, Email address, Company name, Attendee Group, Profile visibility status
    Data is processed in the EU
  • Online event platform – Attendee support
    Description: At Confiva, we are dedicated to offering exceptional support to our attendees. This section of our privacy policy outlines how attendee support may access and handle attendee data to assist with problem resolution and provide a seamless event experience. If you encounter issues while using our online event platform, our support team may be available to assist you. In some cases, to effectively diagnose and resolve problems, our support team may need to access certain attendee data associated with your account. Consent and Control: By seeking assistance from our support team, you provide implicit consent for them to access the necessary attendee data to address your concerns. If you have specific concerns about the data accessed, you can communicate your preferences to the support team. Your Rights: You have the right to request information about the data accessed by our support team on your behalf. You can also request corrections or deletions of inaccuracies.
    Purpose: The access to attendee data by our support team is solely for the purpose of diagnosing and resolving issues you encounter while using our platform. This includes assisting with technical difficulties, answering event-related queries, and providing general support to enhance your event experience.
    Legal basis: Consent
    Retention period: The data accessed by our support team in the course of assisting you will be retained for as long as necessary to address your concerns and provide a resolution. After the resolution, any accessed data that is no longer required will be securely deleted.
    Data items: Attendance data, Pictures / images, Electronic identification data, Company Role, Username, Profile preferences, Email address, Phone number, Company name, Attendee Group, Registration status, Profile visibility status, Attendee background logs
    Data is processed in the EU
  • Software development & support
    Description: Development of software and activities in support of the development, testing and deployment of the software
    Purpose: To develop software Legal basis: Legitimate interests
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Electronic identification data, Correspondence content, Username, Profile preferences, Email address
    Data is processed in the EU
    In the above processing we are the data controller.
    Where you provided consent, you have the right to revoke it. You have the right to withdraw your consent at any time.
    In case you object to the processing of your data, please contact us so we can evaluate together if a contractual relationship is possible and a continuation of the use of our services is possible.

We also handle supplier data. When we collect, process and store supplier data, we want to make sure we only collect, process and store data we really need and are entitled to handle in this way. In dealing with our suppliers we typically collect, process and store the name, work email and work phone of the person(s) interacting with us. We also collect, process and store the VAT number of our suppliers.

3. PROCESSING OF PERSONAL DATA ON YOUR BEHALF

The specific nature of our relationship makes it unlikely that we will process other people’s personal data on your behalf. In the exceptional case that this nevertheless occurs, we are the processor and you are the controller. We will then carry out your instructions for the processing, possible subcontracting, the fate of the data at the end of the agreement and the possible transfer of data. We will therefore take the necessary security measures and assist you in fulfilling your obligations under the GDPR.

4. TRANSFER OF PERSONAL DATA

In order to provide certain services or products we might work with third parties such as IT partners, insurance partners, accounting partners, legal advisors. More specifically we reserve the right to transfer your personal data to our partners.

  • IT Support
    Purpose: To ensure proper running of the IT environment Legal basis: Legitimate interests
    Data items: Electronic identification data, Customer name, Email address Data is processed in the EU
    Amazon EU companies receives the data
  • Communication services
    Purpose: To enable communication services Legal basis: Contract
    Data items: Pictures / images, Electronic identification data Data is processed in the EU
    Twilio Ireland Limited receives the data
  • Communication Services
    Purpose: To provide communication services Legal basis: Contract
    Data items: Pictures / images, Electronic identification data Data is processed in the EU
    Whereby AS receives the data
  • Video streaming hosting
    Purpose: To host video streaming Legal basis: Contract
    Data items: Pictures / images, Electronic identification data Data is processed in the EU
    MUX UK Ltd receives the data
  • Email delivery service
    Purpose: To establish email delivery service Legal basis: Contract
    Data items: Electronic identification data, Customer name, Correspondence content, Email address
    Data is processed in the EU Mailjet SAS receives the data
  • Social media – Linkedin
    Purpose: To promote the company and its services Legal basis: Legitimate interests
    Data items: Staff member name, Pictures / images, Electronic identification data, Electronic localisation data, Involved party name, Date & time
    Data is processed in the EU
    LinkedIn Ireland Unlimited Company receives the data
  • Software development
    Purpose: To ensure the proper running of the Confiva platform and the development of new features.
    Legal basis: Legitimate interests
    Data items: Attendance data, Electronic identification data, Customer name, Involved party name, Date & time, Username, Email address
    Data is processed in the EU KobiLabs d.o.o. receives the data
  • Social media – Facebook / Instagram
    Purpose: To promote the company and its services Legal basis: Legitimate interests
    Data items: Pictures / images, Electronic identification data, Electronic localisation data, Customer name, Date & time
    Data is processed in the EU
    META PLATFORMS IRELAND LIMITED (ex-Facebook) receives the data
  • IT Support
    Purpose: To ensure proper running of the IT environment Legal basis: Legitimate interests
    Data items: Electronic identification data, Customer name, Email address Data is processed in the EU
    Urbit d.o.o. receives the data
  • Website analytics & visitor statistics
    Purpose: Measuring website & commercial performance Legal basis: Legitimate interests
    Data items: Electronic identification data, Electronic localisation data, Date & time Data is processed in the EU
    Piwik PRO receives the data
  • Virtual Live-stream studio
    Purpose: Production and management of the live stream. Legal basis: Legitimate interests
    Data items: Pictures / images, Voice recordings data, Username, Email address Data is processed in the EU
    Zoom – via Lionheart Squared Ltd receives the data

If we receive personal data from a third party referring you to us, we assume this data is obtained directly from you or with your consent. If this is not the case, please advise us immediately.

These third parties will generally act as data processor. Please do note that social media platforms, commerce platforms and structural sales partners are often regarded as joint controllers.

If you participate in an online call, meeting, conference,… do note that any data you choose to share will be visible and/or audible to the other participants. Please consider this before sharing your personal details, video, audio or any other data.

In case you object to the transfer of your data, please contact us so we can evaluate together if a contractual relation is possible and a continuation of the use of our services is possible.

Please do note that we may be required by law to process certain data and, as the case may be, to transmit them to the relevant authorities. As this is a legal obligation you can not object this transfer.

5. SECURITY & CONFIDENTIALITY

We undertake to keep your personal data secure & confidential and have established security procedures to avoid any loss, abuse or alteration to this personal data in line with industry best practices.

6. WEBSITE & COOKIES

Navigation on our website may result in cookies being saved to your computer. They simplify the visit and improve your experience. When visiting our website you will be informed of the cookies being used and we will ask you for your consent. Furthermore, each time you visit our website, the webserver automatically processes your IP address and/or your domain name.

We may publish links to websites owned and operated by third parties. If you click on such a link you will navigate to another website. Please make sure you read and understand the privacy policy of that website, as it may differ from our policy and is outside of our control. If you feel unsure or cannot agree with the policy, we suggest you leave that website.

7. SOCIAL MEDIA

If you use the social media functions such as eg “like” or “share” button that may be on our website, or if you visit our social media page, please know that your personal data will be processed by the social media platform. In this processing, the European regulator considers us and the social media platform both to be joint data controllers, which means that we jointly determine why and how your personal data is processed. You can find out how we process your personal data in this privacy statement. You can find information about the processing by the relevant social media platform in their privacy statement. We ask you to read the privacy statement of the social media platform carefully before visiting the social media items on our page or our page on the social media platform.

If we hold an event such as a client network event, opening event, premiere etc. we might have photographers or videographers present. The photos and videos they shoot are purposed to be used in marketing materials and / or published on our social media pages. When you are not the main subject of these materials the data protection authority’s guidance is that your GDPR explicit consent is not required. However, should you oppose to us using materials where you are depicted, please let us know.

8. EXERCISING YOUR RIGHTS

In accordance with the general data protection regulation you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Withdraw your prior consent to processing at any time.
  • The right to object to a decision based solely on automated processing, including profiling. The right to receive your personal data in a structured, commonly used and machine-readable format and have transmit those data to another controller (commonly known as a “data portability request”).

We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You can exercises your rights by contacting our Privacy Coordinator Marko Šček via [email protected] or at the below company address:

Confiva Global d.o.o. c/o Marko Šček

Litostrojska cesta 58C 1000 Ljubljana Slovenia

9. DATA PROTECTION AUTHORITY

You can direct any complaints and comments to the competent data protection authority at the below address:

Information Commissioner

Dunajska cesta 22 1000 Ljubljana, Slovenia https://www.ip-rs.si